Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Fluffeh writes "Federal authorities have arrested eight men accused of distributing more than $1 million worth of LSD, ecstasy, and other narcotics with an online storefront called 'The Farmer's Market' that used the Tor anonymity service to mask their Internet addresses. Prosecutors said in a press release that the charges were the result of a two-year investigation led by agents of the Drug Enforcement Administration's Los Angeles field division. 'Operation Adam Bomb, ' as the investigation was dubbed, also involved law enforcement agents from several U.S. states and several countries, including Colombia, the Netherlands, and Scotland. The arrests come about a year after Gawker documented the existence of Silk Road, an online narcotics storefront that was available only to Tor users. The site sold LSD, Afghani hashish, tar heroin and other controlled substances and allowed customers to pay using the virtual currency known as Bitcoin."

Hyphenation is your friend. The title is extremely misleading. "Feds Shut Down Tor-Using Narcotics Store".

Real writers re-write to avoid the problem: "Feds shut down narcotics store that had been a TOR user". But you're right the standard of English grammar used today leaves a lot to be desired. Samuel Johnson, the Merriams and Noah Webster can be heard spinning at very high revolutions.

Sorry chaps, I wrote the headline when I submitted it, it was before I had a coffee this morning my time. The heading is ambiguous and I will endevour to make sure that my headlines are no more so in the future.

Except that scientists have studied LSD, for decades, and there has been little evidence of people forming dependences on it. This is in stark contrast to the three most popular legal drugs: caffeine, tobacco, and alcohol.

That none of the various "anonimizer" services out there, from HotSpotShield to Tor, actually give you any kind of tangible identity protection in the "real world" of the current internet

Except that these are not the be-all and end-all of anonymity systems. The anonymous remailer system is much more secure than Tor, and is not vulnerable to the sort of fingerprinting attacks that Tor is vulnerable to. Intelligence agencies have known for decades that perfect receiver anonymity is possible: broadcast an encrypted message (online, this is alt.anonymous.messages on Usenet, or other similar media).

The problem is that people want to be able to do things in real-time. People are not content to wait 48+ hours to receive a message. People are generally willing to sacrifice some security to get speed and convenience, and thus Tor is the most popular strong anonymity system out there.

Kickbacks. If you as a govt official/senator/president/etc, spend govt. money(on pretext of "wars") to benefit your friends in the industries, you get a golden parachute and get a guaranteed place on the board of directors of some company with a hefty salary, and/or get nominated VP/Chairperson to more openly do your shilling and pimping. If you are a politician with any ambition, you get your next political campaign fully financed, as way of thanks.

If you have laws that pretty much strictly punish the govt. officials for benefiting in this manner, once they leave their jobs, you will find plenty of "wars" and problems out-right disappearing.

Most users of LSD voluntarily decrease or stop its use over time. LSD is not considered an addictive drug since it does not produce compulsive drug-seeking behavior. However, LSD does produce tolerance, so some users who take the drug repeatedly must take progressively higher doses to achieve the state of intoxication that they had previously achieved.

I don't have the time to dig up a scientific paper but the article does have sources at the end.

Wachovia admitted it didn't do enough to spot illicit funds in handling $378.4 billion for Mexican-currency-exchange houses from 2004 to 2007. That's the largest violation of the Bank Secrecy Act, an anti-money-laundering law, in U.S. history -- a sum equal to one-third of Mexico's current gross domestic product.

Must have been really difficult to notice the flow of 378 billion over 3 years?

Or maybe not:

"It's the banks laundering money for the cartels that finances the tragedy," says Martin Woods, director of Wachovia's anti-money-laundering unit in London from 2006 to 2009. Woods says he quit the bank in disgust after executives ignored his documentation that drug dealers were funneling money through Wachovia's branch network.

If you're going to make those drugs illegal you should make the money laundering illegal AND enforce those laws. No wrist-slaps. You see the Feds doing anything that would make the Banks change?

"There's no capacity to regulate or punish them because they're too big to be threatened with failure," Blum says. "They seem to be willing to do anything that improves their bottom line, until they're caught."

That's complete bullshit. All you have to do is throw those involved into prison. Keep the bank running and let others take over the jobs. I'm sure the bank can figure out who was involved in the 300 billion. If the bank can't then the people responsible for keeping track should go to prison, just for criminal negligence.

They seem able to throw the small fry into prison:

All three Oropezas pleaded guilty in U.S. District Court in Brownsville to drug and money-laundering charges in March and April 2008. Oscar Oropeza was sentenced to 15 years in prison; his wife was ordered to serve 10 months and his daughter got 6 months.

So in my opinion this shutting down of narcotics stores is just an expensive and pointless show.

Narcotic is mostly useless as a medical term, anyway. It originally described sedatives - e.g., "drugs that put you to sleep," hence the 'narc' in the name. It was also used to describe opioids - e.g., heroin, morphine - most of which DO have a sedative effect, but not all sedatives are opioids. Toss in the legal system overloading the term to mean "anything illegal," and you're pretty much left with relying on context to determine what's meant.

DEA is a legal entity, arrests were made; it's reasonable to assume 'narcotic' is being used in the legal sense, rather than the medical/pharmacological meaning.

It works, no-one can tell where a Tor connection comes from as long as you don't leak that information in some other way

There are a number of well-known attacks on Tor that can compromise your anonymity, especially if your location can be narrowed down to a small geographic area. Suppose that I can narrow your location down to a small town, and I can make a reasonable guess that you are using WiFi. Here is an attack:

I establish a connection with your computer over Tor. This might be done by convincing you to download a large file from a server I control (or visa versa if you are running a hidden service or connecting to a P2P network), or by engaging you in a chat, etc.

I create a recognizable pattern of latency in my connection to you; that is, I create a covert channel that can be externally observed.

I use a high-gain WiFi antenna and search for a signal that exhibits that latency pattern.

I am now in a position to locate you, using radio direction finding equipment.

Easy to pull off? Not at all -- this is something that would only really be done for a high-value target, a priority target on which resources can be spent. This attack has already been used in the past, not when dealing with Tor but when dealing with legal barriers to wiretapping. It is not unreasonable to think that the Chinese government might try something like this to crack down on political dissidents.

Obviously there are some assumptions here that are hard to meet in the general case. How do I narrow down your geographic location? How can I be sure that you use WiFi? In the case of a drug dealer, narrowing down the geographic location is not terribly hard, since packages have to be shipped; the dealer might make long drives to far away post offices, but with enough packages one could get a good idea of where the deal is physically located (again, we should assume that this is a large-scale dealer, someone who would ship large numbers of packages -- someone the police could order a large number of packages from). WiFi is just a good guess, but it is not strictly necessary; an ISP could identify the covert channel too, and I would not be surprised if that was ruled legal by the courts.

At the end of the day, Tor cannot protect you from a concerted, well-funded attack. There are other systems that offer a higher security level (Mixmaster comes to mind) but which are less flexible than Tor, and thus less popular. Tor makes several trade-offs to achieve low latency, and nobody should claim that it could protect you from an intelligence agency or a military force (the DEA comprises both).

Bitcoins aren't even slightly anonymous. All these sellers were outed by the feds simply buying some drugs with bitcoins and watching the bitcoin transactions through block explorer. A few tracked bitcoins wound up passing their way through a legitimate exchange like Mt Gox. Voila, the feds start tracing the transaction history back up the chain. It's actually less secure than old fashioned money laundering.

Wrong. Addiction is a physical dependency. If you have physical withdrawal symptoms, it's an addictive drug. Caffiene's withdrawal symptom is headaches. LSD is neither addictive nor does it have habituation (in tobacco, the habituation is almost as bad as the physical withdrawal).

Yes, I know transactions are visible through the block explorer. What it doesn't reveal is who owns each address, and many are used for only a couple transactions at most. In fact, if you ever really dealt with Mt Gox, you'd realize that they create a new address to send to every time you deposit money. So how are the Feds going to find out that this address belongs to the alpaca socks guy, or that one belongs to Mt Gox? In other words, how would they have any clue, from looking at a record of transactions, that indeed it went through Alpaca, and then Mt. Gox, vs. some other random chain of merchants and exchange?